Don’t Wait for the UK Snoopers’ Charter to Pass: Encrypt Wikipedia Now

A joint committee of the UK’s House of Lords and the House of Commons is preparing to debate a draft bill known as the Snoopers’ Charter, a disastrous data retention bill which, as Techdirt explained, "would require ISPs to record key information about every email sent and Web site visited by UK citizens, and mobile phone companies to log all their calls." But before they begin, MPs are doing their homework. In addition to having a public consultation, they are taking oral testimony from a range of stakeholders, including Wikipedia founder Jimmy Wales.

Wales has been an outspoken critic of the Snoopers’ Charter from the beginning, characterizing the proposed bill as “technologically incompetent,” and comparing it to the tactics of authoritarian regimes: "It is not the sort of thing I'd expect from a western democracy. It is the kind of thing I would expect from the Iranians or the Chinese." In this week’s testimony, he went on to say that if the data retention bill were passed into law, he would move to encrypt all of Wikipedia’s connections with Britain, forcing the government to resort to the “black arts” in order to gain information about the pages Britons are reading and editing on Wikipedia. He went on to urge other Internet companies to do the same.

Wales was not specific about the technology he had in mind, but we assume that his testimony referred to enabling HTTPS (the encrypted, more secure version of the protocol that displays content on your web browser) by default in the UK. Wikipedia currently supports HTTPS for security-minded users, but defaults to the insecure version. Chrome and Firefox users can make sure that they always access Wikipedia securely via HTTPS by using HTTPS Everywhere.

While it is unclear that Wales has the authority to mandate the use of HTTPS by default for Wikipedia users in Britain, EFF believes that this is an idea that the Wikipedia community should consider—not just in Britain, but all over the world. Rather than waiting for bad legislation, Wikipedians should take this opportunity to make one relatively small technical change that could serve as a bulwark against all kinds of government surveillance, filtering and data retention laws.

Related Updates

UPDATE (August 10, 2017):The court hearing the case ordered [.pdf] the unsealing of EFF's letter brief, which you can read here [.pdf]. Because the case is entirely under seal, EFF had to file its brief under seal and could not immediately publish the letter. In the...

Since last year, Indian citizens have been required to submit their photograph, iris and fingerprint scans in order to access legal entitlements, benefits, compensation, scholarships, and even nutrition programs. Submitting biometric information is needed for the rehabilitation of manual scavengers, the training and aid of disabled people, and anti-retroviral...

Online platforms must be allowed to assert their anonymous users’ First Amendment rights in court, EFF argued in a brief filed Monday in a California appellate court. The case, Yelp v. Superior Court, concerns whether online review website Yelp has the legal right to appear in court and make arguments...

The US government has backed down from its attempt to unmask an anonymous Twitter account that criticized the Trump administration, a victory for free speech advocates. Jamie Lee Williams, a staff attorney at the Electronic Frontier Foundation, said: “The fact that they withdrew the summons...

Twitter dropped its legal fight with the federal government Friday after U.S. Customs and Border Protection reversed course and withdrew a summons seeking to unmask the users of an account critical of the Trump administration. "Once there’s push back and legal rights are asserted, then those things typically go away...

Although authorities retreated, the case has laid bare the broad power of the U.S. government to demand information from technology companies, sometimes with no oversight from the courts and often with built-in secrecy provisions that prevent the public from knowing what the government is seeking. "It's important to keep in...

Update (April 7, 2017): According to a new filing [.pdf], the Justice Department told Twitter that CBP's request had been withdrawn, and the government no longer seeks to identify the Twitter user. In response, Twitter dropped its suit. Twitter is fighting an attempt by the Customs and Border Protection...

The US government sought to unmask the identity of an anonymous Twitter account criticizing its policies, according to a lawsuit filed by the social media platform Thursday. “The government must not be able to use its formidable investigatory powers to intimidate and silence its critics,” said...

The U.S. border has been thrown into the spotlight these last few months, with border agents detaining travelers for hours, demanding travelers unlock devices, and even demanding passwords and social media handles as a prerequisite for certain travelers entering the country. As the U.S. government issues a...

It’s worth noting, though, that unlike other secure messaging apps, like standard-bearer Signal, Confide’s encryption is closed source and proprietary, meaning no one outside the company knows what’s going on under the hood of the app. “One key is always, do you make code publicly available that’s been...